dnssec-revoke.docbook revision 19c7b1a0293498a3e36692c59646ed6e15ffc8d0
c63ebf815c8a874525cf18670ad74847f7fc7b26Christian Maeder - Copyright (C) 2009, 2011, 2014, 2015 Internet Systems Consortium, Inc. ("ISC")
25cc5fbba63f84b47e389af749f55abbbde71c8cChristian Maeder - Permission to use, copy, modify, and/or distribute this software for any
5191fa24c532d1f67e7a642e9aece65efb8a0975Christian Maeder - purpose with or without fee is hereby granted, provided that the above
43b4c41fbb07705c9df321221ab9cb9832460407Christian Maeder - copyright notice and this permission notice appear in all copies.
5191fa24c532d1f67e7a642e9aece65efb8a0975Christian Maeder - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
5191fa24c532d1f67e7a642e9aece65efb8a0975Christian Maeder - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
43b4c41fbb07705c9df321221ab9cb9832460407Christian Maeder - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
5191fa24c532d1f67e7a642e9aece65efb8a0975Christian Maeder - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
f4a2a20e49f41b2afa657e5e64d9e349c7faa091Christian Maeder - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
f2f9df2e17e70674f0bf426ed1763c973ee4cde0Christian Maeder - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
5191fa24c532d1f67e7a642e9aece65efb8a0975Christian Maeder - PERFORMANCE OF THIS SOFTWARE.
68d10d143f29fcff3c637ba24f90e983995ceae6Christian Maeder<!-- Converted by db4-upgrade version 1.0 -->
a53841f6d6e86ac751c12a33dc8aadf53f59d977Klaus Luettich<refentry xmlns="http://docbook.org/ns/docbook" version="5.0" xml:id="man.dnssec-revoke">
a737caf82de97c1907027c03e4b4509eb492b4b8Christian Maeder <refentryinfo>
96646aed2ae087b942ae23f15bbe729a8f7c43d3Christian Maeder <corpauthor>Internet Systems Consortium, Inc.</corpauthor>
01e383014b555bbcf639c0ca60c5810b3eff83c0Christian Maeder </refentryinfo>
a6db617ca58eb6a0587b6366e913107dfecb71b5Heng Jiang <refentrytitle><application>dnssec-revoke</application></refentrytitle>
a1ed34933c266ce85066acb0d7b20c90cb8eb213Christian Maeder <refname><application>dnssec-revoke</application></refname>
c0c2380bced8159ff0297ece14eba948bd236471Christian Maeder <refpurpose>Set the REVOKED bit on a DNSSEC key</refpurpose>
8410667510a76409aca9bb24ff0eda0420088274Christian Maeder </refnamediv>
4cb215739e9ab13447fa21162482ebe485b47455Christian Maeder <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
356fa49fe3e6a8398f92d13e9f920d0f093697ecChristian Maeder <refsynopsisdiv>
d23b0cc79c0d204e6ec758dff8d0ba71c9f693f7Christian Maeder <arg choice="opt" rep="norepeat"><option>-hr</option></arg>
8d97ef4f234681b11bb5924bd4d03adef858d2d2Christian Maeder <arg choice="opt" rep="norepeat"><option>-v <replaceable class="parameter">level</replaceable></option></arg>
f4a2a20e49f41b2afa657e5e64d9e349c7faa091Christian Maeder <arg choice="opt" rep="norepeat"><option>-V</option></arg>
63f0e65a37b95621334db9ee4ba0cd9d826f5c0fChristian Maeder <arg choice="opt" rep="norepeat"><option>-K <replaceable class="parameter">directory</replaceable></option></arg>
e593b89bfd4952698dc37feced21cefe869d87a2Christian Maeder <arg choice="opt" rep="norepeat"><option>-E <replaceable class="parameter">engine</replaceable></option></arg>
63f0e65a37b95621334db9ee4ba0cd9d826f5c0fChristian Maeder <arg choice="opt" rep="norepeat"><option>-f</option></arg>
5191fa24c532d1f67e7a642e9aece65efb8a0975Christian Maeder <arg choice="opt" rep="norepeat"><option>-R</option></arg>
7cc09dd93962a2155c34d209d1d4cd7d7b838264Christian Maeder <arg choice="req" rep="norepeat">keyfile</arg>
1aee4aaddde105264c1faf394d88e302c05094ffChristian Maeder </cmdsynopsis>
1aee4aaddde105264c1faf394d88e302c05094ffChristian Maeder </refsynopsisdiv>
7cc09dd93962a2155c34d209d1d4cd7d7b838264Christian Maeder <refsection><info><title>DESCRIPTION</title></info>
c3053d57f642ca507cdf79512e604437c4546cb9Christian Maeder reads a DNSSEC key file, sets the REVOKED bit on the key as defined
dcbd32289a7bdf1e6edd06c6ab0698c6a9dbf37aChristian Maeder in RFC 5011, and creates a new pair of key files containing the
f4a2a20e49f41b2afa657e5e64d9e349c7faa091Christian Maeder now-revoked key.
dcbd32289a7bdf1e6edd06c6ab0698c6a9dbf37aChristian Maeder </refsection>
c2fcc35abb03cf0b4ca4b050efeb10827f38c322Christian Maeder <refsection><info><title>OPTIONS</title></info>
356fa49fe3e6a8398f92d13e9f920d0f093697ecChristian Maeder <variablelist>
4ed0007ac9caea5b468f202521352d153481423cChristian Maeder <varlistentry>
f13d1e86e58da53680e78043e8df182eed867efbChristian Maeder Emit usage message and exit.
79e80c4b3f0ebb337d84415a50f29ccfc793e68bChristian Maeder </varlistentry>
79e80c4b3f0ebb337d84415a50f29ccfc793e68bChristian Maeder <varlistentry>
36f63902db2b3463faa9f59912ad106e2d5aaa24Klaus Luettich <term>-K <replaceable class="parameter">directory</replaceable></term>
00ccf62b4570513e965eb156ab5916ec816c5d2bDominik Luecke Sets the directory in which the key files are to reside.
a7c27282e71cf4505026645f96d4f5cb8a284e32Christian Maeder </varlistentry>
8a28707e9155465c6f2236a06eac6580a65c7025Christian Maeder <varlistentry>
431d34c7007a787331c4e5ec997badb0f8190fc7Christian Maeder After writing the new keyset files remove the original keyset
63f0e65a37b95621334db9ee4ba0cd9d826f5c0fChristian Maeder </varlistentry>
9e748851c150e1022fb952bab3315e869aaf0214Christian Maeder <varlistentry>
9e748851c150e1022fb952bab3315e869aaf0214Christian Maeder <term>-v <replaceable class="parameter">level</replaceable></term>
6a79849bed67264c396dddb3e9c184bdfc1a1bc9Christian Maeder Sets the debugging level.
a6db617ca58eb6a0587b6366e913107dfecb71b5Heng Jiang </varlistentry>
a6082d6cfdfbdc6a4e70430bb25638dfa4f0db9bHeng Jiang <varlistentry>
498aa48bdb931ab50990d3b74318a5db2312186cChristian Maeder Prints version information.
6dc9bc98d0854fe2e3dd3bfc4275096a0c28ee1cChristian Maeder </varlistentry>
63f0e65a37b95621334db9ee4ba0cd9d826f5c0fChristian Maeder <varlistentry>
61fa0ac06ede811c7aad54ec4c4202346727368eChristian Maeder <term>-E <replaceable class="parameter">engine</replaceable></term>
63f0e65a37b95621334db9ee4ba0cd9d826f5c0fChristian Maeder Specifies the cryptographic hardware to use, when applicable.
63f0e65a37b95621334db9ee4ba0cd9d826f5c0fChristian Maeder When BIND is built with OpenSSL PKCS#11 support, this defaults
9e748851c150e1022fb952bab3315e869aaf0214Christian Maeder to the string "pkcs11", which identifies an OpenSSL engine
6a79849bed67264c396dddb3e9c184bdfc1a1bc9Christian Maeder that can drive a cryptographic accelerator or hardware service
6a79849bed67264c396dddb3e9c184bdfc1a1bc9Christian Maeder module. When BIND is built with native PKCS#11 cryptography
6a79849bed67264c396dddb3e9c184bdfc1a1bc9Christian Maeder (--enable-native-pkcs11), it defaults to the path of the PKCS#11
03a6d8f77f588dc5d3dd6653797fa2362efa1751Christian Maeder provider library specified via "--with-pkcs11".
63f0e65a37b95621334db9ee4ba0cd9d826f5c0fChristian Maeder </varlistentry>
a5e5b8c3e5c11177e5034ef2423813a5d28979edChristian Maeder <varlistentry>
a5e5b8c3e5c11177e5034ef2423813a5d28979edChristian Maeder Force overwrite: Causes <command>dnssec-revoke</command> to
a5e5b8c3e5c11177e5034ef2423813a5d28979edChristian Maeder write the new key pair even if a file already exists matching
2d130d212db7208777ca896a7ecad619a8944971Christian Maeder the algorithm and key ID of the revoked key.
f4a2a20e49f41b2afa657e5e64d9e349c7faa091Christian Maeder </varlistentry>
2d130d212db7208777ca896a7ecad619a8944971Christian Maeder <varlistentry>
6a79849bed67264c396dddb3e9c184bdfc1a1bc9Christian Maeder Print the key tag of the key with the REVOKE bit set but do
6a79849bed67264c396dddb3e9c184bdfc1a1bc9Christian Maeder not revoke the key.
6a79849bed67264c396dddb3e9c184bdfc1a1bc9Christian Maeder </varlistentry>
6a79849bed67264c396dddb3e9c184bdfc1a1bc9Christian Maeder </variablelist>
6a79849bed67264c396dddb3e9c184bdfc1a1bc9Christian Maeder </refsection>
88318aafc287e92931dceffbb943d58a9310001dChristian Maeder <refsection><info><title>SEE ALSO</title></info>
63f0e65a37b95621334db9ee4ba0cd9d826f5c0fChristian Maeder <refentrytitle>dnssec-keygen</refentrytitle><manvolnum>8</manvolnum>
63f0e65a37b95621334db9ee4ba0cd9d826f5c0fChristian Maeder </citerefentry>,
63f0e65a37b95621334db9ee4ba0cd9d826f5c0fChristian Maeder <citetitle>BIND 9 Administrator Reference Manual</citetitle>,
363939beade943a02b31004cea09dec34fa8a6d9Christian Maeder </refsection>